Open system might plug up holes in the e-voting process

by Mike Himowitz
Baltimore Sun

WHILE ELECTION officials, lawmakers and critics in Maryland and other states squabble over the reliability of electronic voting systems, a small group of computer scientists and engineers has been developing one that might actually work.

The Open Voting Consortium is scheduled to demonstrate a prototype today in San Jose, Calif. You can try a version yourself on the Web at www.open votingconsortium.org.

Although it's far from a finished product, the system retains what's good about current electronic voting systems. It's voter-friendly, easier than older systems to administer, and accessible to blind voters without assistance.

It also addresses the concerns of today's critics. First, it uses open-source software that's available for public inspection - eliminating the secrecy that outrages critics of today's proprietary "black box" systems.

Second, the software is free and can run on a variety of computer platforms, which makes the system cheaper to acquire and maintain. Third, it creates a paper trail of printed ballots that can be counted by hand or machine in case of disputed elections - without compromising privacy for the blind.

Unfortunately, the system may come too late to prevent disasters in the next round of elections. To understand why, it takes a bit of history.

In response to the Florida fiasco of 2000, which left the presidential election in limbo and millions of voters disgusted with the system, Congress passed the Help America Vote Act of 2002. It provides $3.9 billion to help states replace lever-based voting machines and discredited punch-card ballots with electronic systems.

Although HAVA doesn't forbid scanned paper-ballot systems, which have worked reliably for years, it does require states to equip each poll with a voting terminal accessible to the blind without assistance. As a result, most states have chosen Direct Recording Electronic systems, or DREs, that use touch-screen computers to record votes and provide add-on audio equipment to guide blind voters.

Early on, election officials ignored critics - including many computer scientists - who warned that electronic systems were open to sabotage, tampering and vote-fixing - particularly without the safety of a paper record of each ballot.

Critics also complained that these systems use proprietary software from their vendors to tabulate and store votes - code that's not available to the public. In essence, the most critical part of the election - counting the votes - had been snatched from public view and stashed away in a "black box."

The response from election administrators and voting system vendors: "Trust us."

After a series of embarrassing glitches and exposures of security defects, some states, including California and Ohio, are considering requiring that electronic systems print voter-verified "receipts" that can be stored and used in recounts of disputed elections.

Legislators in Maryland, which bought a $56 million Diebold touch-screen system that two security consultants separately have criticized, are considering similar legislation, although it's unlikely to pass this year.

Advocates for the blind threaten lawsuits over the paper trail proposals, arguing that any system relying on paper verification discriminates against the visually impaired.

While these debates raged over the summer and fall, a group of computer scientists and civic activists who had been working on designs for electronic voting systems for years - mostly in California - formed the Open Voting Consortium to develop a system that's electronic, secure and blind-accessible.

Instead of printing a "receipt" that confirms a ballot cast electronically, it's based on the quaint notion that the best ballot is still a paper ballot. "We didn't see any reason to reinvent the wheel," said Fred McLain, the project's lead software developer.

In the consortium's system, the voting terminal can be a touch screen like today's electronic touch-screens, with the same type of audio accessories for blind voters. But the terminal's main job, once the voter is finished, is to print a paper ballot that identifies the voter's choices - along with a bar code that records the information in computer-readable form.

Once the voter is satisfied, he puts the ballot into a locked box. To verify their ballots, blind voters can hide their printed choices in a security folder and run the bar code under a verifying scanner, which reads back their votes through headphones - eliminating the paper ballot's privacy concerns.

When the polls close, the ballots are scanned on a separate tabulating system. Election judges can compare the scanned totals with those stored in the voting terminals to see if there are any discrepancies. The original ballots are still available to settle disputes - and unlike scanned paper ballots in older systems, the voter's choices are always clearly marked.

"That is a profound difference," said Alan Dechert, the consortium's president. "With a DRE, when you say 'Cast my ballot,' the vote exists in a database. In this system, it says, 'Print my ballot' - the authentic vote is on paper."

Like the "receipt" system, the Open Voting Consortium's plan would add a printer to the mix -- a clunky piece of equipment most election administrators would like to avoid. It also adds an optical scanner, yet another potential source of problems. But the setup adds a measure of security, too - hackers would have to compromise two separate computer systems without being detected to rig an election.

The other major difference in the Open Voting system is the nature of the software that counts the votes. Open-source software is developed by a group of programmers who publish their code and invite others to attack it or offer suggestions for improvements.

Traditional software companies hate open-source software because no one owns it or collects royalties for it. But the process works. The Linux operating system, now used on millions of servers around the world, is a premier example of open source software. Computer experts say Linux is far more secure than Microsoft Windows - largely because friendly hackers have examined it closely and suggested improvements that help keep intruders out.

Dechert said the Open Voting Consortium will spend the coming months demonstrating its system to election administrators around the country.

It's an uphill battle, because so many - like those in Maryland - have committed millions to proprietary systems and have little inclination to admit a mistake. Likewise, vendors of electronic systems have invested heavily in lobbyists, marketing teams and political contributions to keep their share of the e-voting billions.